Secondary Menu

Main navigation

Certify

Version:

Current

Last modified: March 27, 2020

The NGINX configuration in Promote requires TLS/SSL certificates. You must have files for keys and certificates accessible at /var/promote/certs on each node in the proper format. Otherwise, NGINX won't run.

The installer generates self-signed certificates if the user doesn't have other certificates, but we don't recommend you use those for SSL/TLS encryption. We recommend using certificates that a certificate authority issues. However, self-signed certificates are adequate for on-premise installations that do not expose your servers to the internet.

Add or Change Certificates

Add or change certificates by following these instructions.

You must restart NGINX as part of this process, which may cause downtime.

Obtain these from a certificate authority:

Key

Certificate

CA bundle

To create a certificate bundle, put the certificate and CA bundle in one file, certificate first.

Rename the key to "key.pem."

Rename the certificate to "cert.pem."

Secure copy the files to all three nodes, overwriting the existing cert.pem and key.pem in /var/promote/certs.